Student Data Privacy

This list identifies federal policies that safeguard and protect the confidentiality of personal information. Although this list is not exhaustive, it highlights key federal policies related to education records, health information, and the online activities of children.

For detailed information about each law, just click on the title.

Many federal education laws contain additional protections for privacy and confidentiality explicitly for the programs that they authorize; always review program-specific guidelines in conjunction with the groundwork laid in these laws.Family Educational Rights and Privacy Act (FERPA) - The foundational federal law on the privacy of students’ educational records, FERPA safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.
Protection of Pupil Rights Amendment (PPRA) - PPRA defines the rules states and school districts must follow when administering tools like surveys, analysis, and evaluations funded by the US Department of Education to students. It requires parental approval to administer many such tools and ensures that school districts have policies in place regarding how the data collected through these tools can be used.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) - HIPAA establishes privacy and security rules regarding access to protected health information in certain kinds of health records, including health plans, health care clearinghouses, and health care providers.

It is important to note that where health information about a student appears in an education record, FERPA governs the protection of the data, not HIPAA.
Children's Internet Protection Act (CIPA) - CIPA requires K–12 schools and libraries receiving federal discounts for internet access to implement internet safety polices that prevent students from accessing inappropriate and/or harmful materials and that protect against the unauthorized disclosure, use, and dissemination of minors’ personal information.
Privacy Act of 1974 - The Privacy Act of 1974 applies to federal agencies that maintain information about individuals. It seeks to safeguard individual privacy and prevent the misuse of personal information maintained by federal agencies, such as employment histories and financial
transactions. Federal agencies do not collect individual-level data of K–12 students.

Developing a Privacy Program for your District

This short video provides an overview and rationale for why districts need to develop a program to protect student data. It provides best practices and general guidance

Published by the Privacy Technical Assistance Center - Aug 12, 2015

What Parents Need to Know about Their Student's Data

This video is intended for parents and provides guidance and information on questions to ask schools or districts about data collected and/or maintained

Published by the Privacy Technical Assistance Center - Aug 12, 2015

Protecting Student Privacy While Using Online Educational Services

This video is aimed at helping K-12 school officials to better protect student privacy while using online educational services and applications. The video, intended for use during teacher in-service days or professional development meetings, offers a short summary of the issue and provides some examples to help educators identify which online educational services and applications are privacy-friendly and protect student data from improper use and disclosure.

Published by the US Department of Education - Feb 26, 2015

The A-B-C’s of Student Directory Information

FERPA allows schools and districts to designate certain basic student information as directory information, and share that information without consent if certain additional requirements are met. This video describes why a school would want to use student directory information and the types of information that fall into this category. It also explains the process that schools and districts must adhere to when designating directory information